Cyber debate hinges on amendments

The fate of the Senate's cybersecurity reform measure now hinges on amendments — and bill sponsors, the White House and top Republicans have all drawn their lines in the sand.

The challenge for the Cybersecurity Act of 2012 after a key procedural vote Thursday is whether a growing number of amendments can resolve enough differences to attract GOP support in the Senate — and, ultimately, the House, too — while not completely removing the teeth that Democrats and the Obama administration think is essential to protect the nation from cyber threats.

Story Continued Below

Some Republicans are angling for a broad set of revisions to the critical infrastructure and information sharing bill, and a bloc of GOP members plans to pitch its own cybersecurity measure — the SECURE IT Act — as an amendment during the forthcoming floor debate. That rival bill leaves out any mention of cybersecurity protections for critical infrastructure, a change to the legislation that the White House indicated Thursday it would not support.

Other amendments lawmakers are promising could add new provisions to the bill meant to improve energy-grid security or require tech companies to disclose when they have been breached by hackers.

There are also members angling to amplify the privacy safeguards in the measure, or revise its section on liability protection.

The coming debate over those changes and others is going to be critical for the bill’s backers as they canvass the chamber for votes and seek passage before the August break. Senate Democratic Leader Harry Reid already has made clear he will permit a broad swath of amendments — so long as they're germane — as sponsors try to cobble together a compromise that can clear the Senate and yet still prove appealing to the House.

The list of amendments to be debated is still not finalized and can change. But the speeches, the letters from industry and the posturing on the floor over the past few days have provided an early glimpse of what still remains a slog ahead for the Senate.

Sen. Kay Bailey Hutchison, for one, laid out a series of revisions that could make the bill more palatable to her allies. That could include more explicit provisions making the critical-infrastructure sections voluntary, a standards-setting process led by NIST and not the Department of Homeland Security, and more robust liability protections for business, among other things.

However, Hutchison pledged that she and her colleagues also would unveil their cybersecurity counterplan, the SECURE IT Act, as an amendment in the form of a substitute, in addition to offering the different provisions of that bill as individual amendments. The full SECURE IT Act does not try to bring new security procedures to entities deemed critical infrastructure.

Other members are angling to expand the bill's liability protections in a way to appeal to more owners of power plants, water systems and other essential entities. Sen. Joe Lieberman suggested that could come from Sens. Jon Kyl (R-Ariz.) and Sheldon Whitehouse (D-R.I.), though the two lawmakers have remained mum on their work — and no one has publicly shared any text.